CVE-2025-62883 MEDIUM

CVE-2025-62883: WordPress Premmerce User Roles plugin <= 1.0.13 - Broken Access Control vulnerability

Vendor Premmerce

Product Premmerce User Roles

Weakness CWE-862 · Missing authorization

Published October 27, 2025

Last update April 28, 2026

View on NVD All CVEs

CVSS base score

4.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Missing Authorization vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce User Roles: from n/a through <= 1.0.13.

Explanation of Vulnerability in Simple Terms

02Summary

Premmerce User Roles versions 1.0.13 and earlier lack proper authorization checks, allowing authenticated users to access sensitive information they should not be able to view. An attacker with a low-privilege account can read data restricted to higher-privilege roles. This affects confidentiality but not data integrity or availability.

What an attacker can do

03Attacker Capabilities

Read sensitive data belonging to higher-privilege user roles.

Potential impact on your site

04Site Impact

User data and role-based information may be exposed to lower-privilege accounts.

Conditions required to exploit

05Prerequisites

Attacker must have a valid low-privilege user account on the site.

Key dates

06Disclosure timeline

October 27, 2025 CVE published

April 28, 2026 Record updated

External resources

07References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-62883 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/862.html

Related vulnerabilities